[Cryptography] Why prefer symmetric crypto over public key crypto?

Tony Arcieri bascule at gmail.com
Sat Sep 7 16:06:14 EDT 2013

On Fri, Sep 6, 2013 at 6:13 AM, Jaap-Henk Hoepman <jhh at cs.ru.nl> wrote:

> Bruce Schneier writes: "Prefer symmetric cryptography over public-key
> cryptography." The only reason I can think of is that for public key crypto
> you typically use an American (and thus subverted) CA to get the recipient's
> public key.

As soon as someone builds a large quantum computer (probably at least 10
years away, even for the NSA) most of the public key cryptosystems we use
today will be easily breakable with e.g. Shor's algorithm. Symmetric
algorithms will take a hit as well, with their keyspace cut in half, but
that's the equivalent of going from 256-bit keys to 255-bit keys, so
symmetric crypto will weather the post-quantum era just fine.

In order to beat quantum computers, we need to use public key systems with
no (known) quantum attacks, such as lattice-based (NTRU) or code-based
(McEliece/McBits) algorithms. ECC and RSA will no longer be useful.

Tony Arcieri